
ChaosBot Rust backdoor using Discord C2 and phishing delivery

Malware Activity
Happening score
H score 28
1 unique source, 1 article

Summary


ChaosBot is a newly disclosed Rust-based backdoor that gives operators reconnaissance and arbitrary command execution on compromised hosts, increasing the risk of full remote control. The malware was first detected in late September 2025 inside a financial services customer environment and relies on Discord C2 to receive instructions. It can also be delivered through phishing messages carrying a malicious LNK file, broadening its infection paths.

Related Happenings

Webworm EchoCreep and GraphWorm backdoor expansion

Malware Activity
First: 20.05.2026 15:51 Last: 20.05.2026 15:51 Sources 1

About this happening: **Webworm** expanded its malware arsenal in **2025** with the custom backdoors **EchoCreep** and **GraphWorm**, increasing its ability to run stealthy **command-and-control** oper...

Gremlin stealer modular toolkit evolution

Malware Activity
First: 15.05.2026 17:19 Last: 15.05.2026 17:19 Sources 1

About this happening: The **Gremlin stealer** malware has expanded into a **modular toolkit** with **session-hijacking** and **crypto clipping** capabilities, raising the risk of credential theft and a...

Vidar infostealer market rise and distribution expansion

Malware Activity
First: 28.04.2026 22:07 Last: 28.04.2026 22:07 Sources 1

About this happening: **Vidar** remains a long-running **infostealer** threat, and **Aryaka** reported a fresh campaign in **recent weeks** that adds **new obfuscation techniques** and stronger **steal...

Nexcorium Mirai botnet activity on TBK DVR devices

Malware Activity
First: 18.04.2026 09:01 Last: 18.04.2026 09:01 Sources 1

About this happening: **Nexcorium**, a **Mirai variant**, is now being deployed against **TBK DVR-4104** and **DVR-4216** devices by exploiting **CVE-2024-3721**, turning compromised IoT hardware into...

PowMix phishing campaign targeting Czech workforce

Campaign
First: 16.04.2026 20:52 Last: 16.04.2026 20:52 Sources 1

About this happening: The **PowMix** campaign is actively targeting the **Czech Republic’s workforce**, raising the risk of **remote access** and **remote code execution** on compromised systems. The i...

Timeline

  1. 13.10.2025 08:12 2 articles · 7mo ago

    Initial report: ChaosBot Rust backdoor using Discord C2 and phishing delivery

    Initial Disclosure

    In **late September 2025**, ChaosBot was first detected in a **financial services** customer environment after attackers reused **compromised Cisco VPN** credentials and an over-privileged **Active Directory** account to run **WMI** commands. That foothold enabled deployment of the backdoor and established **Discord-based** remote control.
